USG40 - disable DPD on IKEv2

train_wreck
Posts: 3


I want to disable DPD on an IKEv2 site-to-site tunnel. How do I do this? There is no "dpd" command available under "ikev2 policy <policyname>". The only setting available is "dpd-interval", and the only valid values are 15-60. There is no option in the GUI. I tried "no dpd-interval", and the CLI accepted the input, but the DPDs continue to be sent, and the CLI still reports it being enabled when running "show ikev2 policy". Firmware is the latest version available as of this post.
What's the secret here?
All Replies
Hi @train_wreck
The DPD function can be disabled by CLI command:
Router(config-ikev2 NAME)# no dpd-interval
However, this will disable the DPD from being sent out proactively.
If the peer side's DPD is still working, the device will reply to it.
So this function needs to be disabled on both sides.
The DPD function is a mechanism to check the peer device's networking status to prevent a zombie tunnel situation, and it is enabled by default. It's also recommended to enable it on both sites.